The invention relates generally to a method for storing data in a shared networked environment. The invention relates further to a storage sub-system for storing data in a shared networked environment, a computing system, a data processing program, and a computer program product.
More and more enterprises turn to Cloud computing as their preferred information technology consumption method—not only for software but also for infrastructure components and for storage of data. However, “the Cloud” cannot be seen as a homogeneous, more or less anonymous sphere. Storage capacities may be available from different Cloud storage providers under different contractual conditions and service levels. Some providers may guarantee data storage within the boundaries of one jurisdiction; others may not give any guarantee.
In today's Cloud environments, data can be migrated between different instances, data pools or storage locations or even entire countries. This migration may happen as part of regular operations, e.g., synchronization of data, user interactions or even attacks on the Cloud infrastructure. All of these interactions constitute one central risk:
Confidential and/or sensitive data may be moved from a secure environment into an insecure environment, making the data easily accessible and therefore potentially exposing it to (hostile) outside sources.
A series of disadvantages are related to conventional technologies: e.g., there may be no automatic security provided. Data must be protected by the client before sending it to a Cloud environment. If the associated data storage area is compromised or even physically stolen, data are at risk.
Encryption may be difficult to implement and manage because client systems may have different encryption capabilities, and users may simply forget to apply encryption during a data upload to a Cloud storage environment. Also, when moving data between Cloud zones of different trustworthiness, a user needs to take into account whether data may be moved to a new location in case the location has insufficient protection or is hosted in a non-trusted geographic environment or country. There may therefore be a need for a solution that allows secure storage of data in Cloud environments and at the same time does not require dealing with encryption requirements on the client side.